How to configure several SSL certificates in OutSystems Platform with JBoss 7.1.1 AS

In some situations you might want to have several hostnames pointing to the same machine.

The simpler solution would be to have a certificate that covers all the addresses used with either a wildcard certificate or alternative common names. In this case you just install this certificate using the instructions in this post.

If you can't have this, you'll need to configure your JBoss installation to use several IP's (and have a different certificate in each). For this you'll need your machine to have several IPs but this configuration is outside the scope of this post and should be handled with your IT. We will also not cover keystore manipulation as it is already covered in this post which keytool to use. This post assumes you have several IPs and the certificates added to your keystore. The simplest configuration would be to have one keystore for each certificate to be used.

Now, on the top-level we need to do the following:

1) add an interface to the jboss configuration file for each IP and for 127.0.0.1
2) add one socket-binding for each IP and for 127.0.0.1
3) delete the existing https connector
4) add one connector for each IP and for 127.0.0.1

Imagining your server has the following IP addresses 10.221.65.221 and 10.221.65.230 and a keystore for each (<ip-address>.keystore), this is what you need to change in the configuration file:

1) In the <interfaces> element, add an interface for each ip and 127.0.0.1:

<interfaces>

<interface name="management">

<inet-address value="${jboss.bind.address.management:127.0.0.1}"/>

</interface>

<interface name="public">

<inet-address value="${jboss.bind.address:127.0.0.1}"/>

</interface>

<interface name="unsecure">

<inet-address value="${jboss.bind.address.unsecure:127.0.0.1}"/>

</interface>
<!-- NEW INTERFACES HERE -->

<interface name="ip1">

<inet-address value="10.221.65.221"/>

</interface>

<interface name="ip2">

<inet-address value="10.221.65.230"/>

</interface>

<interface name="localhost">

<inet-address value="127.0.0.1"/>

</interface>

</interfaces>

2) In the socket-binding-group element, add a binding for each of the above interfaces on port 8443